Are you talking about a full device wipe, or about erasing a specific piece of data inside an unprivileged application?
–
Gilles Jan 22 '13 at 17:17

I'm pretty sure you're out of luck with Android then. It's as hard to keep track of all the copies of the data as with other OSes such as Linux or Windows. Forget about media remanence (which is a pretty exotic attack path) — a simple dump of the flash is likely to find older copies of the file. In iOS, I suspect the keychain would be ok but I've found very few technical details about how it's implemented.
–
Gilles Jan 22 '13 at 17:24

Without looking to be sure, I believe the NISPOM does include recommendations for smartphones and similar devices. Not sure about SP 800-88 off the top of my head. Point being that, while there may indeed be "complications with deleting data on an SSD", you can still be technically satisfying your compliance requirements as long as you are following the prescribed procedures. That said, I think this question is a bit too broad. Which do you want to know - how to satisfy certain requirements, or how to actually wipe SSD storage? If you're looking to satisfy a requirement, pick one.
–
Iszi Jan 22 '13 at 17:24

@Iszi I updated my question, perhaps this is more direct: "Given the constraints of an unprivileged application, what is the best that one can hope for in terms of removing sensitive information from a mobile device?"
–
rook Jan 22 '13 at 17:27

@Rook If that is your real question, then perhaps remove the bit about NISPOM/800-88 entirely. Or, at least change it so that it is not worded as an additional question.
–
Iszi Jan 22 '13 at 17:28

1 Answer

Within an unprivileged application, there's no good way to store confidential data and hope to erase it and only it. If you write the data to a file, you don't know where this data will end up. SSD remanence is the least of your worries (and it may or may not be a worry depending on whether the flash controller implements a secure erase — I don't know how common this is on mobile devices). There may be multiple copies of the data on the filesystem if the file was written multiple times (either overwritten or replaced), if the filesystem was rearranged as part of defragmentation, if the device was backed up and restored, in the filesystem logs, …

On iOS, your best bet for small amounts of confidential data is the keychain. (If you have large amounts of data, encrypt it with a random (per-device) key and store the key in the keychain.) This is not a panacea (FAQ, SO thread), and, as with all things Apple, there is very little publicly available technical information, but it is likely to be better than most of what you can find on current mobile devices. There is nothing similar on Android.

If you want a full device wipe, that's a very different matter. Recent enough versions of iOS and Android offer a fast wipe feature (and I believe Blackberry does as well). This is handled at the OS level, not at the application level, but in an enterprise setting, it is common to grant the organization's IT team the permission to trigger a wipe remotely. (The fact that this indiscriminately erases both enterprise data and user data is a hurdle for BYOD adoption.) Fast wipes work by encrypting the whole storage except for a header containing the encryption key, and overwriting the encryption key. This is not foolproof as you may be vulnerable to SSD remanence, but it raises the bar significantly for an attacker.

On iOS, this feature is available on all devices running iOS 5 as well as some older devices running iOS 4. Android also has a device wipe feature which can be triggered by applications with the appropriate permission; I don't know what versions or settings wipe by overwriting the encryption key.

Remember that even if you throw the device in a volcano, there may exist other copies of the data in backups in the cloud (somewhere on Google's or Apple's servers) or on the user's PC.
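The two ideas in the answer above, keeping data encrypted under a random key held in a separate keychain slot and "wiping" by destroying only that key, are the same technique at two scales (per-application data and full-device fast wipe). The following is an added example that is not part of the original answer. It models flash as a list of blobs that keeps every copy ever written, since the answer's point is that an application cannot track where its file ends up, and models the keychain as one separate slot. The cipher is a counter mode built on HMAC-SHA256 (encrypt-then-MAC) so that it runs with the Python standard library alone; this is an assumption for portability, and real code should use a vetted AEAD such as AES-GCM from a proper crypto library. The `Device` class, its method names and the sample secrets are all constructed for the demo.

```python
"""Crypto-erase demo: ciphertext may be scattered in many copies across the
storage medium, but destroying the single key makes all of them unreadable.

Added example, not code from the original answer or from iOS/Android.
Assumptions: flash is a list of blobs (stale copies are never removed), the
keychain is one separate slot, and the cipher is an HMAC-SHA256 counter mode
with an HMAC tag so the demo runs offline on the standard library only.
"""
import hashlib
import hmac
import secrets
from typing import List, Optional

KEY_LEN = 32
NONCE_LEN = 16
TAG_LEN = 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream: HMAC-SHA256(key, nonce || counter) blocks."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _subkeys(key: bytes):
    """Derive independent encryption and MAC keys from the stored key."""
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag first; a wrong key fails here instead of yielding garbage."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or corrupted blob")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


class Device:
    """Flash keeps every blob ever written; the keychain holds the one key."""

    def __init__(self) -> None:
        self.flash: List[bytes] = []          # stale copies are never reclaimed
        self.keychain: Optional[bytes] = None

    def store_secret(self, plaintext: bytes) -> None:
        if self.keychain is None:
            self.keychain = secrets.token_bytes(KEY_LEN)  # random per-device key
        self.flash.append(encrypt(self.keychain, plaintext))

    def read_secret(self) -> bytes:
        if self.keychain is None:
            raise ValueError("no key in keychain: data is unrecoverable")
        return decrypt(self.keychain, self.flash[-1])

    def crypto_erase(self) -> None:
        """Destroy only the key. Nothing on flash is touched or needs to be found."""
        self.keychain = None

    def recoverable_copies(self, key: Optional[bytes]) -> int:
        """Blobs on flash that someone holding `key` can still decrypt."""
        if key is None:
            return 0
        count = 0
        for blob in self.flash:
            try:
                decrypt(key, blob)
                count += 1
            except ValueError:
                pass
        return count


def demo() -> dict:
    """Write a secret twice (old copy lingers), erase the key, inspect the result."""
    dev = Device()
    dev.store_secret(b"session-token-v1")
    dev.store_secret(b"session-token-v2")         # "overwrite" leaves v1 on flash
    before = dev.recoverable_copies(dev.keychain)  # both copies readable
    backed_up_key = dev.keychain                   # a key that escaped before the erase
    dev.crypto_erase()
    after = dev.recoverable_copies(dev.keychain)   # nothing readable without the key
    with_backup = dev.recoverable_copies(backed_up_key)  # a leaked key defeats the erase
    try:
        dev.read_secret()
        read_failed = False
    except ValueError:
        read_failed = True
    return {"copies_on_flash": len(dev.flash), "before": before, "after": after,
            "with_backed_up_key": with_backup, "read_failed_after_erase": read_failed}
```

The last number in `demo()` is the answer's closing caveat in miniature: a key (or plaintext) that was copied to a backup or another machine before the erase is out of reach of the erase, so crypto-erase raises the bar against someone who dumps the flash afterwards, not against someone who already holds an earlier copy.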